| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| (...skipping 1067 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1078 if (!start_cert_verification_time_.is_null()) { | 1078 if (!start_cert_verification_time_.is_null()) { |
| 1079 base::TimeDelta verify_time = | 1079 base::TimeDelta verify_time = |
| 1080 base::TimeTicks::Now() - start_cert_verification_time_; | 1080 base::TimeTicks::Now() - start_cert_verification_time_; |
| 1081 if (result == OK) { | 1081 if (result == OK) { |
| 1082 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); | 1082 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTime", verify_time); |
| 1083 } else { | 1083 } else { |
| 1084 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); | 1084 UMA_HISTOGRAM_TIMES("Net.SSLCertVerificationTimeError", verify_time); |
| 1085 } | 1085 } |
| 1086 } | 1086 } |
| 1087 | 1087 |
| 1088 bool sni_available = ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 || | |
| 1089 ssl_config_.version_fallback; | |
| 1090 const CertStatus cert_status = server_cert_verify_result_.cert_status; | 1088 const CertStatus cert_status = server_cert_verify_result_.cert_status; |
| 1091 if (transport_security_state_ && | 1089 if (transport_security_state_ && |
| 1092 (result == OK || | 1090 (result == OK || |
| 1093 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && | 1091 (IsCertificateError(result) && IsCertStatusMinorError(cert_status))) && |
| 1094 !transport_security_state_->CheckPublicKeyPins( | 1092 !transport_security_state_->CheckPublicKeyPins( |
| 1095 host_and_port_.host(), | 1093 host_and_port_.host(), |
| 1096 sni_available, | |
| 1097 server_cert_verify_result_.is_issued_by_known_root, | 1094 server_cert_verify_result_.is_issued_by_known_root, |
| 1098 server_cert_verify_result_.public_key_hashes, | 1095 server_cert_verify_result_.public_key_hashes, |
| 1099 &pinning_failure_log_)) { | 1096 &pinning_failure_log_)) { |
| 1100 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; | 1097 result = ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN; |
| 1101 } | 1098 } |
| 1102 | 1099 |
| 1103 if (result == OK) { | 1100 if (result == OK) { |
| 1104 // Only check Certificate Transparency if there were no other errors with | 1101 // Only check Certificate Transparency if there were no other errors with |
| 1105 // the connection. | 1102 // the connection. |
| 1106 VerifyCT(); | 1103 VerifyCT(); |
| (...skipping 660 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1767 ct::SCT_STATUS_LOG_UNKNOWN)); | 1764 ct::SCT_STATUS_LOG_UNKNOWN)); |
| 1768 } | 1765 } |
| 1769 } | 1766 } |
| 1770 | 1767 |
| 1771 scoped_refptr<X509Certificate> | 1768 scoped_refptr<X509Certificate> |
| 1772 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1769 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1773 return server_cert_; | 1770 return server_cert_; |
| 1774 } | 1771 } |
| 1775 | 1772 |
| 1776 } // namespace net | 1773 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 578553004:
Remove the "snionly" concept from the HSTS preload. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master